lywsvip/claude-code
1
0
Fork 0
mirror of https://github.com/instructkr/claude-code.git synced 2026-05-06 14:10:52 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat(scripts): add dogfood-build.sh — build from checkout and verify provenance

Browse Source 
Builds claw from the current HEAD, then checks that the binary's
git_sha matches git rev-parse --short HEAD. Exits non-zero if the
binary is stale or provenance is opaque (git_sha: null).

Usage:
  CLAW=$(bash scripts/dogfood-build.sh)   # fail-fast if stale
  $CLAW version --output-format json       # provenance confirmed

Addresses ROADMAP #69: dogfooders using a stale installed binary
cannot attribute behavior to specific commits. This script makes
dogfood round zero unambiguous.

Also documents the safe workaround for contributors who have a
stale system-installed binary.
This commit is contained in:
YeonGyu-Kim
2026-05-05 06:06:54 +09:00
parent 64f92b1560
commit eee6f43ebf
1 changed files with 38 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
scripts/dogfood-build.sh Executable file
View File

@@ -0,0 +1,38 @@
#!/usr/bin/env bash
# dogfood-build.sh — Build claw from current checkout and verify provenance.
# Usage: bash scripts/dogfood-build.sh
# On success: prints the verified binary path. Use as:
# CLAW=$(bash scripts/dogfood-build.sh) && $CLAW version --output-format json
set -euo pipefail
REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
RUST_DIR="$REPO_ROOT/rust"
BINARY="$RUST_DIR/target/debug/claw"
EXPECTED_SHA="$(git -C "$REPO_ROOT" rev-parse --short HEAD)"
echo "▶ Building claw from $REPO_ROOT ($(git -C "$REPO_ROOT" log --oneline -1))..." >&2
cargo build --manifest-path "$RUST_DIR/Cargo.toml" -p rusty-claude-cli -q
if [[ ! -x "$BINARY" ]]; then
echo "✗ Build succeeded but binary not found at $BINARY" >&2
exit 1
fi
BINARY_SHA=$("$BINARY" version --output-format json 2>/dev/null \
| python3 -c "import sys,json; d=json.load(sys.stdin); print(d.get('git_sha','null'))" 2>/dev/null || echo "null")
if [[ "$BINARY_SHA" == "null" || -z "$BINARY_SHA" ]]; then
echo "✗ Provenance check failed: binary reports git_sha: null" >&2
echo " Binary: $BINARY" >&2
exit 1
fi
if [[ "$BINARY_SHA" != "$EXPECTED_SHA" ]]; then
echo "✗ Provenance mismatch: binary=$BINARY_SHA, HEAD=$EXPECTED_SHA" >&2
echo " Rerun after 'git pull' or check for uncommitted changes." >&2
exit 1
fi
echo "✓ Binary verified: $BINARY_SHA == HEAD ($EXPECTED_SHA)" >&2
echo " To dogfood: export CLAW=$BINARY" >&2
echo "$BINARY"